Demographic Request
KateBK opened this issue · comments
As a user I can see the risk and benefit to sharing my demografic info
Here's what I'm thinking for the initial paragraph on any major page where we ask you for demographic information (e.g. signup, profile, etc.).
What does it mean for advertisers to have your demographic data?
A highly-detailed demographic profile allows advertisers to serve you the ads they think “fit” your demographic—a practice that can easily turn discriminatory.
Additionally, even a small amount of highly-specific demographic information can deanonymize you. If advertisers sell their data to third parties, or if that data gets leaked, your identity is compromised.
Read on to see the demographic information Floodwatch cares about, why we ask for it, and the efforts we take to keep your identity safe and anonymous.
And so an individual demographic question might have 2 icons representing relevance and protection, with copy like this:
Question: What is your gender?
Answer type: a bunch of gender checkboxes
Relevance: Studies have found that simulated male profiles receive ads that were associated with $200000 6x more than simulated female profiles.
Protection: If there are not #n of FW users who share your gender info, your data won’t be displayed in user queries.
Question: What is your age?
Answer type: age range radio buttons, spanning 5+ years
Relevance: Age is a protected class under the US constitution, and so cannot be discriminated against.
Protection: We only ask for your age range, rather than your exact age or birthdate, because the latter two can quickly deanonymize you. Additionally, if there are not #n of FW users who share your age range, your data won’t be displayed in user queries.
My concern is that this might get a little clunky for inline demographic questions, since those are already popovers over modals over the page--I'm a little loath to add yet another layer or pop over a new window.
E.g.:
On the Nov 7 meeting, we broke out the major concerns/things we need to communicate to the users into 3 general groups:
- Users will want to know why we're asking for a particular piece of information.
- Users should know that we're following best practices.
- Users should understand that there is implicit/inherent risk in giving us this data: if the data is stolen, then theoretically...
- ...someone could use the stored demographic information to figure out your identity
- ...if the extension accidentally screenshots something it shouldn't (e.g. your bank statement), that could cause trouble for you
- ...someone could link your identity to images of your ads
Ultimately we decided to break out the longer privacy explanations (e.g. how someone could theoretically break into the FW database and theoretically deanonymize you) onto another page. This is almost certainly going to dovetail with #15 (Privacy Policy).
We also decided to have some shorter copy to make this clear (and link you to that page) on the Profile, Signup, and Dashboard pages. Here's some drafted copy, in long and short versions, with specifics for individual demographics.
Long version (e.g., to put on the Profile page and in the signup flow):
A highly-detailed demographic profile allows advertisers to serve you the ads they think “fit” your demographic—a practice that can easily turn discriminatory.
Additionally, even a small amount of highly-specific demographic information can de-anonymize you. If advertisers sell their data to third parties, or if that data gets leaked, your identity is compromised.
The goal of Floodwatch is to reverse this power relationship by giving people their data back, and allowing them to aggregate data in order to discover far-reaching trends.
There is implicit risk to giving this data to anyone, advertiser or not. Unlike advertisers, Floodwatch has open source code that is regularly audited by security experts familiar with industry best practices. Click here to read more about the risks and how Floodwatch manages them.
Short version (e.g., to slip into a demographic prompt on the Dashboard):
There is implicit risk in having your demographic information collected by anyone, whether that’s passively by an advertiser, or actively by an app like Floodwatch. Click here to learn how Floodwatch manages these risks to keep your info safe.
Individual demographics
AGE
Age is a protected class under US federal anti-discrimination law. The Age Discrimination in Employment Act of 1967 prohibits employment discrimination (including job ads) against anyone 40 years or older.
RACE/ETHNICITY
Race and ethnicity are protected classes under US federal anti-discrimination law, as of The Civil Rights Act of 1964.
In 2016, a ProPublica investigation revealed that Facebook was allowing advertisers to exclude certain “ethnic affinities” from their housing and job ads—illegal under the Federal Fair Housing Act and the Civil Rights Act.
SEX
Sex is a protected class under US federal anti-discrimination law, as of the Civil Rights Act of 1964. (The US Equal Employment Opportunity Commission includes discrimination based on gender and orientation under sex.)
A study at CMU on online advertising discovered that simulated male users were shown high-paying job ads about 1,800 times, compared to simulated female users, who saw those ads about 300 times.
RELIGION
Religion is a protected class under US federal anti-discrimination law, as of the Civil Rights Act of 1964.
LOCATION
Your location—as separate from your nationality—is not a protected class. However, it provides a snapshot of the demographics around you (income, religion, racial breakdown, political orientation, education, etc.), making it a helpful meta-demographic.